A study comparing security controls for human and machine identities reveals a worrying trend. While almost all organizations have a policy that governs password length for human identities, only half have a written policy on length and randomness of keys for machine identities - this, despite the rapid spread of machines that need to authenticate themselves to each other so they can communicate securely.